Published in


Action Required: Critical Vulnerability for Six Token Contracts on Multichain

Dear users,

A critical vulnerability that affected 6 cross-chain tokens was reported by security firm Dedaub. If you ever have approved any of these 6 tokens on the Router (WETH, PERI, OMT, WBNB, MATIC, AVAX), please login into to remove any approvals of these 6 tokens asap. Otherwise, your assets will always be at risk. Please do not transfer any of these 6 tokens to your wallet before revoking the approvals. The risk will be eliminated instantly upon revoking approvals.

The liquidity for these 6 tokens is fixed now. All assets on both V2 Bridge and V3 Router are safe and all cross-chain transactions can be done safely as usual.

Technical details will be released later. Many thanks to security firm Dedaub.

  • Who needs to revoke approvals

Only users who had approved the 6 tokens (WETH, PERI, OMT, WBNB, MATIC, AVAX) on Router are required to revoke approvals. For other people, no action is needed.

  • How to revoke approvals

1.If you have approved any of the contracts of the 6 tokens (WETH, PERI, OMT, WBNB, MATIC, AVAX), you need to revoke approval(s) and the options will appear according to your past activity. For example, if you had given contract approvals of WBNB and AVAX, you will see both BSC and AVAX buttons as follows when you login into

2. If the BSC/Avalanche network is not connected, you need to switch networks by clicking on ‘Switch to BSC’ or ‘Switch to Avalanche’ and you will see a revoke button then. Please click on ‘Revoke’.

3. After that, a Metamask window will pop up, please click on the ‘Confirm’ button

4. Wait for a few seconds and the notification of ‘Approve BNB’ will appear on the top right corner, which means you have revoked the WBNB approval.

5. In addition to WBNB on BSC, you still need to revoke the approval of AVAX on Avalanche in this scenario. Please switch to the Avalanche network to revoke. The process is the same as for WBNB.

  • How to check the status of removal

To double check, you can simply refresh the page once you remove the approval(s). If the webpage shows ‘No actions needed’ as in the following screenshot, your removal process is completed.

If you have any questions, please reach out to us here:








An infrastructure for on-chain asset interoperability, envisioned to be the ultimate router for Web3

Recommended from Medium

Googlebot and Bingbot crawler IP Addresses Given By Google and Microsoft

Googlebot and Bingbot crawler IP Addresses Given By Google and Microsoft

NEO Smart Contract: Caller Validation

M&A: When Their Attack Surface Becomes Your Attack Surface

Phishing Attacks: Identification and Prevention

The Newsletter by Tokenize Xchange (Vol.177| Feb 2022)

{UPDATE} Fill In 3D Hack Free Resources Generator

Personal data and image protection:   contradiction between exhibitionism and self-protection

HackInterview with Vandana — document your learning in the form of blogs

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Multichain (Previously Anyswap)

Multichain (Previously Anyswap)

Cross-Chain Router Protocol (CRP), an infrastructure for cross-chain interoperability, envisioned to be the ultimate router for Web3

More from Medium

Multichain Contract Vulnerability Post Mortem

Gains Network | Immunefi Bug Bounty Listing

Mimo Protocol Is Now on Fantom

DeFi Security Lecture 6 — — Phishing Attack